Hi, I’m using CircleCI to build a Dockerfile which pulls from a private Git repo.
I’ve set up a custom SSH key in my CircleCI project according to this CircleCI tutorial, and have verified that this key functions from my local machine — I can use it to clone a private Git repository from the host.
My CircleCI config for the relevant job first adds the SSH key in question (the only one in my account), and then runs a Docker build:
jobs: rnng: machine: image: circleci/classic:latest docker_layer_caching: true steps: - checkout - run: name: Docker login command: | echo $DOCKER_HUB_PWD | docker login -u $DOCKER_HUB_USER_ID --password-stdin - add_ssh_keys: fingerprints: - "88:36:05:01:d6:98:05:43:e3:e4:e3:d3:a3:67:e9:29" - run: name: Build working_directory: models/RNNG command: docker build -t cpllab/language-models:rnng .
That Dockerfile has a command which pulls from my private server’s IP address. This fails with an authentication error — see below (with anonymized IP).
Step 7/18 : RUN git clone firstname.lastname@example.org:rnng-incremental.git /opt/rnng-incremental ---> Running in e1c5d570eb0b Cloning into '/opt/rnng-incremental'... Warning: Permanently added '22.214.171.124' (ECDSA) to the list of known hosts. Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. The command '/bin/sh -c git clone email@example.com:rnng-incremental.git /opt/rnng-incremental' returned a non-zero code: 128 Exited with code 128
The weird thing is, I can SSH into this failed job on CircleCI directly after and successfully check out the repository with no issues.
$ ssh -p 54782 126.96.36.199 The authenticity of host '[188.8.131.52]:54782 ([184.108.40.206]:54782)' can't be established. RSA key fingerprint is SHA256:TRHsnF3L7U62SNS3ncAmbVyundtGUdnGWIN6sdFEfTk. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[220.127.116.11]:54782' (RSA) to the list of known hosts. circleci@default-4490a638-8f8f-4f6a-9621-09676decc79c:~$ git clone firstname.lastname@example.org:rnng-incremental.git Cloning into 'rnng-incremental'... Warning: Permanently added '18.104.22.168' (ECDSA) to the list of known hosts. remote: Counting objects: 588, done. remote: Compressing objects: 100% (493/493), done. remote: Total 588 (delta 67), reused 588 (delta 67) Receiving objects: 100% (588/588), 3.52 MiB | 20.61 MiB/s, done. Resolving deltas: 100% (67/67), done.
I’m not sure why these results would be different. The latter successful run is run outside of my Docker build context — perhaps something in the container is making this break (e.g. a different Git version)? I otherwise can’t imagine why the automated build should fail and a manual clone directly after should succeed.
Any ideas from the community would be appreciated … thanks!